Hi I actually believe the code is more secure than the datastore.
Anyone with a valid developer userid/password can get to data via the admin panel, or remote_api if it's stored in the datastore. They would have to jump through some serious hoops to get the keys if stored in the code base, It's still possible but a lot harder. T On Sep 24, 2:08 am, Rick Horowitz <[email protected]> wrote: > > I would > > not recommend just the memcache as it will/could eventually get > > flushed. > > Very true, you're right. I hadn't thought about it being flushed. > > > Most people would probably just hard code it on the App > > Engine server code. It might be a little more secure or closer to > > Authorize.net's idea if it's stored in the datastore. (which is more > > secure in GAE, the code or datastore data?) > > Good question, "which is more secure, the app code that runs on gae or > the datastore"? Can someone from Google answer this, please? > > > I think you could just > > create a simple entity in the datastore with server code you run once > > and remove > > You mean by redeploying the app without that code? > > > or maybe directly from the admin panel > > I like this approach, assuming that the datastore is secure. I hadn't > realized you could create an entity from the admin panel. > > Thank you for you insightful comments. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
